Sonatype Blog

Fast-growing Flashback botnet includes over 600,000 Macs, experts say

April 5, IDG News Service – (International) Fast-growing Flashback botnet includes over 600,000 Macs, experts say. More than 600,000 Macs have been infected with a new version of the Flashback trojan being installed on people’s computers with the help of Java exploits, security researchers from antivirus vendor Doctor Web said April 4. Flashback is a family of Mac OS malware that appeared in September 2011. Older Flashback versions relied on social engineering tricks to infect computers, but the latest variants are distributed via Java exploits that do not require user interaction. April 3, Apple released a Java update in order to address a critical vulnerability being exploited to infect Mac computers with Flashback. However, a large number of users have already been affected by those attacks, Doctor Web said in a report issued April 4. The company’s researchers managed to hijack a part of the Flashback botnet through a - 12 - method known as sinkholing, and counted unique identifiers belonging to more than 550,000 Mac OS X systems infected with the trojan. Over 300,000 of the Flashbackinfected Macs, or 56 percent of the total, are located in United States, while over 100,000 are located in Canada, Doctor Web said. The United Kingdom and Australia are next, with 68,000 and 32,000 infected Macs, respectively. The botnet is growing at a rapid rate. Hours after Doctor Web issued its report, one of the company’s malware analysts announced the botnet had grown to over 600,000 infected computers. He also said 274 Macs infected with the new Flashback variant were located in Cupertino, the U.S. city where Apple has its headquarters.